Traffic from cloudflare is not blocked by ipblacklist plugin

Traefik Traefik v2
1

I've installed and enabled ipblacklist plugin like this:
traefik.yml

api:
  dashboard: true

entryPoints:
  http:
    address: ":80"
  https:
    address: ":443"
    http:
      middlewares:
        - my-traefik-plugin-ipblacklist@file

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false

  file:
    directory: /configuration
    watch: true

experimental:
  plugins:
    traefik-plugin-ipblacklist:
      moduleName: "github.com/LyuHe-uestc/traefik-plugin-ipblacklist"
      version: "v0.0.2"

configuration/file.yml

http:
  middlewares:
    my-traefik-plugin-ipblacklist:
      plugin:
        traefik-plugin-ipblacklist:
          SourceRange:
            - test_ip/32

what I observe now:

  1. test ip is correctly banned with 403 status when I try to access traefik dashboard
  2. All hosts from the docker provider are still accessible

What I need to apply this plugin globally to literally ALL hosts?

2

To me it seems you applied the plugin middlewares on entrypoint, so it should be available for all routers using websecure.

3

Thanks, it is appeared to be related to the Cloudflare proxy mode enabled for the respective domains.
On updating /etc/hosts locally to bypass Cloudflare I was finally banned successfully :slight_smile:
So the question now turned into how to unmask client IP before calling ipblacklist plugin

4

Check if Cloudflare supports ProxyProtocol. Traefik does.

5

Maybe I just need something like this in front of ipblacklist?